AWS cloudhsm documentation change
Summary
Added instructions for placing issuing certificates and bootstrapping EC2 instances using configure-openssl-provider tool
Security assessment
Documents security feature configuration (certificate management and HSM connectivity) but doesn't address any specific vulnerability. Improves operational security documentation.
Diff
diff --git a/cloudhsm/latest/userguide/cluster-connect.md b/cloudhsm/latest/userguide/cluster-connect.md index e2ec48b08..2ef36912d 100644 --- a//cloudhsm/latest/userguide/cluster-connect.md +++ b//cloudhsm/latest/userguide/cluster-connect.md @@ -70,0 +71,12 @@ OpenSSL Dynamic Engine +OpenSSL Dynamic Engine Provider + + +###### To place the issuing certificate on Linux for Client SDK 5 + + * Use the configure tool to specify a location for the issuing certificate. + + $ sudo /opt/cloudhsm/bin/configure-openssl-provider --hsm-ca-cert <customerCA certificate file> + + + + @@ -203,0 +216,12 @@ OpenSSL Dynamic Engine +OpenSSL Dynamic Engine Provider + + +###### To bootstrap a Linux EC2 instance for Client SDK 5 + + * Use the configure tool to specify the IP address of an HSM in your cluster. + + $ sudo /opt/cloudhsm/bin/configure-openssl-provider -a <HSM IP addresses> + + + +